Skip to content
  • About
    • What is Symfony?
    • Community
    • News
    • Contributing
    • Support
  • Documentation
    • Symfony Docs
    • Symfony Book
    • Screencasts
    • Symfony Bundles
    • Symfony Cloud
    • Training
  • Services
    • Platform.sh for Symfony Best platform to deploy Symfony apps
    • SymfonyInsight Automatic quality checks for your apps
    • Symfony Certification Prove your knowledge and boost your career
    • SensioLabs Professional services to help you with Symfony
    • Blackfire Profile and monitor performance of your apps
  • Other
  • Blog
  • Download
sponsored by SensioLabs
  1. Home
  2. Documentation
  3. Cookbook
  4. Security
  • Documentation
  • Book
  • Reference
  • Bundles
  • Cloud

Table of Contents

  • Authentication (Identifying/Logging in the User)
  • Authorization (Denying Access)

Security

Edit this page

Warning: You are browsing the documentation for Symfony 2.3, which is no longer maintained.

Read the updated version of this page for Symfony 6.2 (the current stable version).

Security

Authentication (Identifying/Logging in the User)

  • How to Build a Traditional Login Form
    • Redirecting after Success
    • Avoid Common Pitfalls
  • How to Load Security Users from the Database (the Entity Provider)
    • Introduction
    • 1) Create your User Entity
    • 2) Configure Security to load from your Entity
    • Forbid Inactive Users (AdvancedUserInterface)
    • Using a Custom Query to Load the User
    • Understanding serialize and how a User is Saved in the Session
  • How to Add "Remember Me" Login Functionality
    • Forcing the User to Opt-Out of the Remember Me Feature
    • Forcing the User to Re-Authenticate before Accessing certain Resources
  • How to Impersonate a User
    • Events
  • How to Customize your Form Login
    • Form Login Configuration Reference
    • Redirecting after Success
  • How to Create a custom User Provider
    • Create a User Class
    • Create a User Provider
    • Create a Service for the User Provider
    • Modify security.yml
  • How to Create a custom Authentication Provider
    • Meet WSSE
    • The Token
    • The Listener
    • The Authentication Provider
    • The Factory
    • Configuration
    • A little Extra
  • Using pre Authenticated Security Firewalls
    • X.509 Client Certificate Authentication
  • How to Change the default Target Path Behavior
  • Using CSRF Protection in the Login Form
    • Configuring CSRF Protection
    • Rendering the CSRF field
  • How to Use multiple User Providers

Authorization (Denying Access)

  • How to Use Voters to Check User Permissions
    • How Symfony Uses Voters
    • The Voter Interface
    • Creating the custom Voter
    • Declaring the Voter as a Service
    • How to Use the Voter in a Controller
    • Changing the Access Decision Strategy
  • How to Use Access Control Lists (ACLs)
    • Bootstrapping
    • Getting Started
    • Cumulative Permissions
  • How to Use advanced ACL Concepts
    • Design Concepts
    • Database Table Structure
    • Scope of Access Control Entries
    • Pre-Authorization Decisions
    • Post Authorization Decisions
    • Process for Reaching Authorization Decisions
  • How to Force HTTPS or HTTP for different URLs
  • How to Secure any Service or Method in your Application
    • Securing Methods Using Annotations
  • How Does the Security access_control Work?
    • 1. Matching Options
    • 2. Access Enforcement
    • Matching access_control By IP
    • Forcing a Channel (http, https)
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.
TOC
    Version
    We stand with Ukraine.
    Version:
    Show your Symfony expertise

    Show your Symfony expertise

    Symfony Code Performance Profiling

    Symfony Code Performance Profiling

    Symfony footer

    ↓ Our footer now uses the colors of the Ukrainian flag because Symfony stands with the people of Ukraine.

    Avatar of Mark van den Berg, a Symfony contributor

    Thanks Mark van den Berg for being a Symfony contributor

    1 commit • 7 lines changed

    View all contributors that help us make Symfony

    Become a Symfony contributor

    Be an active part of the community and contribute ideas, code and bug fixes. Both experts and newcomers are welcome.

    Learn how to contribute

    Symfony™ is a trademark of Symfony SAS. All rights reserved.

    • What is Symfony?

      • Symfony at a Glance
      • Symfony Components
      • Case Studies
      • Symfony Releases
      • Security Policy
      • Logo & Screenshots
      • Trademark & Licenses
      • symfony1 Legacy
    • Learn Symfony

      • Symfony Docs
      • Symfony Book
      • Reference
      • Bundles
      • Best Practices
      • Training
      • eLearning Platform
      • Certification
    • Screencasts

      • Learn Symfony
      • Learn PHP
      • Learn JavaScript
      • Learn Drupal
      • Learn RESTful APIs
    • Community

      • SymfonyConnect
      • Support
      • How to be Involved
      • Code of Conduct
      • Events & Meetups
      • Projects using Symfony
      • Downloads Stats
      • Contributors
      • Backers
    • Blog

      • Events & Meetups
      • A week of symfony
      • Case studies
      • Cloud
      • Community
      • Conferences
      • Diversity
      • Documentation
      • Living on the edge
      • Releases
      • Security Advisories
      • SymfonyInsight
      • Twig
      • SensioLabs
    • Services

      • SensioLabs services
      • Train developers
      • Manage your project quality
      • Improve your project performance
      • Host Symfony projects

      Deployed on

    Follow Symfony

    Search by Meilisearch